From: Jeremy Allison <jra@samba.org>
To: Michael Adam <obnox@samba.org>
Cc: Jeff Layton <jlayton@samba.org>,
	Jon Severinsson <jon@severinsson.net>,
	linux-cifs-client@lists.samba.org, linux-fsdevel@vger.kernel.org,
	linux-kernel@vger.kernel.org, vl@samba.org
Subject: Re: [linux-cifs-client] [RFC PATCH] CIFS posix acl permission checking
Date: Thu, 11 Mar 2010 17:53:19 -0800
Message-ID: <20100312015319.GC27697@samba1>
In-Reply-To: <E1Npr8D-00A474-O0@intern.SerNet.DE>

On Thu, Mar 11, 2010 at 11:45:29PM +0100, Michael Adam wrote:
> 
> When discussing this with Volker today, he had a different idea:
> One could implement a trans2 impersonate call in samba (as a new
> call in the unix extensions) that could be used to transfer the
> session established by the privileged user (root, say) to a
> different user specified as an argument to the call -- without
> the need to give credentials! Then this call could be used in
> the multi user mount scenario: when uid 1000 accesses the cifs
> mount then the root-dispatcher mount would create a new session
> initially as root and issue an impersonate call to user 1000
> directly afterwards.
> 
> Wouldn't that be something worth considering?

This would work, but protocol cleanliness-wise it's
*really* horrible :-).

Jeremy.
